CVE-2005-4703
published 2005-12-31
Priority P4 · 22 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 25.13% (97.7th percentile)
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
OSV
Apache Tomcat Discloses MS-DOS Pathname
osv·2022-05-01
CVE-2005-4703 [MEDIUM] Apache Tomcat Discloses MS-DOS Pathname
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by `lpt9.xtp` using Nikto.
GHSA
Apache Tomcat Discloses MS-DOS Pathname
ghsa·2022-05-01
CVE-2005-4703 [MEDIUM] CWE-200 Apache Tomcat Discloses MS-DOS Pathname
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by `lpt9.xtp` using Nikto.
http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt
http://tomcat.apache.org/security-4.html
http://www.osvdb.org/20033
http://www.securityfocus.com/bid/28484
https://exchange.xforce.ibmcloud.com/vulnerabilities/42914
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E